TARLOGIC's BLOG
Cybersecurity - Page 3

Cybersecurity articles with security analysis and ethical hacking technics information

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Vulnerabilities
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Vulnerabilities
S.T.A².R.S Team

Vulnerabilities CVE-2024-27198 and CVE-2024-27199 affect TeamCity, a CI/CD management server software owned by JetBrains Two new vulnerabilities have been disclosed recently, which[...]

Read more
CVE-2024-22024: XXE vulnerability disclosed in Ivanti products
CVE-2024-22024: XXE vulnerability disclosed in Ivanti products
S.T.A².R.S Team

CVE-2024-22024 is an XML External Entity (XXE) vulnerability that allows a remote attacker to access internal files CVE-2024-22024, a new high rated vulnerability affecting Ivanti [...]

Read more
CVE-2023-7028: A critical vulnerability affecting GitLab
CVE-2023-7028: A critical vulnerability affecting GitLab
S.T.A².R.S Team

Critical vulnerability CVE-2023-7028 in the open source platform GitLab allows taking control of other users’ accounts A critical vulnerability has been discovered in GitLab,[...]

Read more
Critical vulnerabilities of the ownCloud platform are being exploited in the wild
Critical vulnerabilities of the ownCloud platform are being exploited in the wild
S.T.A².R.S Team

On November 21, 2023, three critical vulnerabilities were made public (CVE-2023-49103, CVE-2023-49104, CVE-2023-49105), affecting several applications of the ownCloud online file s[...]

Read more
CVE-2023-4911: The vulnerability Looney Tunables in GlibC is being actively exploited
CVE-2023-4911: The vulnerability Looney Tunables in GlibC is being actively exploited
S.T.A².R.S Team

On October 3, 2023, Qualys published information about a high-severity local privilege escalation vulnerability in the GNU C Library (glibc), which is widely used on Linux systems.[...]

Read more
CVE-2023-38545: Heap overflow vulnerability in curl (SOCKS 5)
CVE-2023-38545: Heap overflow vulnerability in curl (SOCKS 5)
S.T.A².R.S Team

The vulnerability CVE-2023-38545 affects curl, a command line tool and software library used to transfer data to and from a server On October 11th, 2023 the curl development team h[...]

Read more
CVE-2023-42115: Vulnerabilities without security patch in Exim
CVE-2023-42115: Vulnerabilities without security patch in Exim
S.T.A².R.S Team

Exim has multiple critical vulnerabilities, including CVE-2023-4863, that allow attackers to run code on affected systems without authentication. Multiple vulnerabilities, one of t[...]

Read more
Bluetooth vulnerabilities in smart locks
Bluetooth vulnerabilities in smart locks
Fran Álvarez Wic

Detecting and mitigating Bluetooth vulnerabilities in smart locks is critical to securing these IoT devices A smart lock is an IoT device that facilitates access by opening a door [...]

Read more
Hardware vulnerabilities in smart locks
Hardware vulnerabilities in smart locks
Fran Álvarez Wic

We evaluate the hardware security level of the smart locks, disassembling one and analyzing the elements that make it up We got our hands on a Yale Linus smart lock, one that you c[...]

Read more
CVE-2023-4863: Heap buffer overflow in Google libwebp (WebP)
CVE-2023-4863: Heap buffer overflow in Google libwebp (WebP)
S.T.A².R.S Team

The vulnerability CVE-2023-4863 is found in the open source Libwebp library and affects browsers such as Mozilla, Chrome and Edge On September 6th, 2023 Apple Security Engineering [...]

Read more
1 2 3 4 5 6 13
Advanced penetration testing services